The present invention relates to a system and method for providing secure storage and transaction facilities for electronically stored data in a computer networking environment, and in particular, to such a system and method in which access to the facility is controlled by the owner of the information.
The security of information is extremely important for modern society, particularly since the advent of the Internet. Unauthorized exposure of such information, and/or unintended or unauthorized use of information may significantly damage organizations and individuals. Damage may also be caused by lost, corrupted or misused information. Thus, appropriate security measures are required in order to protect information from such damaging actions, while still maintaining the availability of such information to authorized individuals and/or organizations.
The mode of storage for information significantly alters the security measures required to protect the information. For example, information which is written on paper can be physically protected through storage in a physical safe. Such a physical safe is a device which contains the paper, thereby preventing unauthorized access to the information, and hence preventing unauthorized or unintended exposure or use of the information.
Physical safes have the advantage of ease of implementation and use, but have the drawback of being restricted to one physical location, such that the user must be physically present in the same location as the safe in order to access the information. Currently, flexibility and ease of access to information are highly valued, particularly through the Internet and organizational intranets, which provide connections between computers through a network. Accessing information through a network enables users at physically separate locations to share information, but also increases the possibility of unauthorized or unintended access to the information. Various attempts to provide a solution to the problem of security for electronically stored information are known in the art, but all of these attempted solutions have various drawbacks. For example, each solution is only able to provide a portion of the required security, thereby increasing the complexity of any security system for electronically stored information, which must be assembled from a number of different technologies. Even with such complicated, advanced security systems, unauthorized intruders such as xe2x80x9chackersxe2x80x9d can still penetrate these security systems and access the electronically stored information. Thus, currently available security systems are both complicated to construct and maintain, and are not able to provide a comprehensive, reliable solution to the problem of information security.
In addition, security systems which are known in the art are designed to protect data by screening each interface, or xe2x80x9cchannelxe2x80x9d, to the data, thereby requiring many different systems to be assembled in order to provide full security. Furthermore, by attempting to screen multiple channels to data, the probability of overlooking one or more such channels increases significantly, such that the data then becomes vulnerable to access through such channels. Therefore, the success of the security system depends upon the ability of the system administrator to determine all necessary rules for filtering communication or access. Any risk which is overlooked can therefore result in a potential vulnerability of the system. Thus, currently available security systems in the art rely upon the ability to determine risks and vulnerabilities, and to account for every such risk and vulnerability, thereby resulting in complicated security systems.
Certainly, such complicated security systems are difficult, if not impossible, for the average user to understand and to maintain. Such users must trust the system administrator to competently and expertly manage the security system, thereby relinquishing control to the system administrator. However, a security system which could be simply and easily maintained by the average user, such that the average user would have control over his or her own information, would return individual control to each user. In addition, such a security system would also preferably be more robust and secure than existing security solutions. Unfortunately, such a security system is not currently available in the art.
There is thus a need for, and it would be useful to have, a system and a method for secure storage and transfer of electronically stored information, which provides a comprehensive and reliable security solution to the problem of information security for all types of information, regardless of the format or type of information, which is simple to operate and maintain even for the average user such that individual control over data is possible, and which still permits flexible authorized access to the information as needed.